
New Member in need of help.

Hello, my name is Joe and I'm a new member here at bleepingcomputer. Recently I was requested to help "fix" a friend's computer. While I am by no means a professional (truck driver by trade), over the years, and with quite a bit of help from friends, I've learned the basics of running a fairly clean machine. I've had to "fix" more than a couple of friends' computers over the years, and as I'm sure you can guess, normally the problem is nothing more than lack of regular maintenance in the way of updates, running an up-to-date anti-virus, and programs to clean/remove adware, spyware and the like. This particular computer is running Windows 7. I have installed and run AVG (free), Ad-Aware (free), and CCleaner. There was a ton of stuff that needed cleaned and removed. AVG found a trojan. I still can't get Windows Defender to turn on. I tried finding a remedy online and one of the suggestions was to uninstall and reinstall Defender. When I looked, Defender didn't appear in the programs list. When I try to start it manually it either times out or I get an error message. I installed and ran HijackThis. I'm not a regular user of this program, but for some reason it won't allow me to save a logfile, and it seems like I should be able to. When I try to save, it says it cannot find the file path. It also tells me I'm denied access to the hosts file. Maybe I'm doing something wrong trying to save the log, but it seems like it should be as easy as clicking save log and naming a file. I'm not selecting anything to be fixed with HijackThis till I can let someone in the know look at it, but I'd love to know what I'm doing wrong and where to begin. When I run HijackThis it shows well over 50 if not 100 items. Anyone have any ideas? Thank you in advance.

Use Inherit.exe to fix inappropriate permissions. Use this fix when you see a box that states Windows cannot access the specified device, path, or file. You may have inappropriate permissions to access the item.

Download This File. Save it next to mbam.exe (this file is located in the Malwarebytes Anti-malware home folder). Once done, drag and drop mbam.exe into Inherit.exe. Click OK and attempt to run Malwarebytes Anti-malware once again.

Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.

Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet and double-click on the renamed file to install the application.

When the installation begins, follow the prompts and do not make any changes to default settings.

Malwarebytes will automatically start and you will be asked to update the program before performing a scan.

If an update is found, the program will automatically update itself. Press the OK button and continue.

If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.

Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.

Click on the Scan button.

When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".

Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.

Make sure that everything is checked and then click Remove Selected.

When removal is completed, a log report will open in Notepad.

The log is automatically saved and can be viewed by clicking the Logs tab.

Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.

Exit Malwarebytes when done.

Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, go to Start > All Programs > Malwarebytes Anti-Malware folder > Tools > click on Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).

When it is finished the utility outputs a list of detected objects with description.
The utility automatically selects an action (Cure or Delete) for malicious objects.
The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.

Let it reboot if needed and tell me if the tool needed a reboot.

Click on Report and post the contents of the text file that will open.

Note: By default, the utility outputs the log into the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Edited by boopme, 26 April 2012 - 08:50 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook


Apparently I got ahead of myself, and when I saved Malwarebytes the first time I forgot to rename it, and it didn't seem to want to update. I re-saved/re-installed changed the name, got it to update, and here is the new logfile. I have not yet had to use the inherit.exe file to get it to run.

Error: (05/03/2012 00:33:12 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (05/01/2012 11:57:34 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (04/30/2012 07:43:57 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.


I don't know if this is any help, or perhaps an indicator of a potential problem, but occasionally (about half the time) when I refresh Chrome I get a message from Malwarebytes that it blocked access to a potentially malicious site. This is the info it gives. 204.137.28.82 type:outgoing port:56904, process :chrome.exe

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

I know it says Defender is set to Demand. Before posting here I tried looking up ways to fix Defender and it took me through the process of setting it back to Auto. Once I changed it and tried to open Defender, it still wouldn't start, and when I went back and checked, it had been set back to Demand.

Well that is possibly a Chrome exe Virus, see if it still occurs after ESET scan.

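The service report quoted in the thread above uses fixed sentence shapes, so a helper reading many such logs can pull out the deviations mechanically. This is an added example, not part of the thread or of the scanning tool; the function names are hypothetical, and only the line shapes quoted in the post are parsed.

```python
import re

# Report text copied from the post above; only these line shapes are handled.
SAMPLE_REPORT = """\
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
"""

NOT_RUNNING = re.compile(r"^(\w+) Service is not running\.")
START_TYPE = re.compile(r"^The start type of (\w+) service is set to (\w+)\. "
                        r"The default start type is (\w+)\.")
CHECKED = re.compile(r"^The (\w+) of (\w+) service is (.+?)\.$")

def parse_service_report(text):
    """Return {service: state} for every service named in the report."""
    services = {}
    def entry(name):
        blank = {"running": None, "start": None, "default": None, "checks": {}}
        return services.setdefault(name, blank)
    for line in map(str.strip, text.splitlines()):
        if m := NOT_RUNNING.match(line):
            entry(m.group(1))["running"] = False
        elif m := START_TYPE.match(line):
            entry(m.group(1)).update(start=m.group(2), default=m.group(3))
        elif m := CHECKED.match(line):
            entry(m.group(2))["checks"][m.group(1)] = m.group(3)
    return services

def findings(services):
    """List the deviations a helper would follow up on."""
    out = []
    for name, e in sorted(services.items()):
        if e["running"] is False:
            out.append(f"{name}: service is not running")
        if e["start"] and e["start"] != e["default"]:
            out.append(f"{name}: start type {e['start']}, default {e['default']}")
        for item, status in sorted(e["checks"].items()):
            if status != "OK":
                out.append(f"{name}: {item} is {status}")
    return out

if __name__ == "__main__":
    print("\n".join(findings(parse_service_report(SAMPLE_REPORT))))
```

Comparing the findings from reports taken before and after a fix attempt shows whether a start type that was set back to Auto has reverted, which is the symptom described in the post.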